- All Exams Instant Download
Which of the following command sequences should the penetration tester try NEXT?
A penetration tester runs a scan against a server and obtains the following output: 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) | 03-12-20 09:23AM 331 index.aspx | ftp-syst: 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds...
Which of the following would the tester MOST likely describe as a benefit of the framework?
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?A . Understanding the tactics of a security intrusion can help disrupt them.B . Scripts that are part of the...
Which of the following is the MOST likely culprit?
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?A . Patch installationsB ....
Which of the following is the BEST way to provide confidentiality for the client while using this connection?
A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?A . Configure wireless access to use a AAA server.B . Use random MAC addresses on the...
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurationsB . Open web ports on a hostC . Supported HTTP methodsD . Listening web servers in a domainView AnswerAnswer:...
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power.B . devices are obsolete and are no longer available for replacement.C . protocols are more difficult to understand.D . devices may cause physical world effects.View...
Which of the following tools or techniques would BEST support additional reconnaissance?
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?A . Sniff and then crack the WPS PIN...
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . ShodanB . NmapC . WebScarab-NGD . NessusView AnswerAnswer: A
Which of the following data structures is systems?
Given the following code: Which of the following data structures is systems?A . A tupleB . A treeC . An arrayD . A dictionaryView AnswerAnswer: C
